Maker Pro
Maker Pro

Worm and Virus attack

A

Aubrey McIntosh

Jan 1, 1970
0
I have received almost 700 copies of worm or virus mail to this
account in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?
 
D

Don Pearce

Jan 1, 1970
0
I have received almost 700 copies of worm or virus mail to this
account in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

d

_____________________________

http://www.pearce.uk.com
 
W

Winfield Hill

Jan 1, 1970
0
Don Pearce wrote...
I have received almost 700 copies of worm or virus mail
to this account [snipped] in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

I got over 1000 at home this morning, over 450 of them
arriving in a single 5 minute period at about 0640 EST.
Strangely, I got almost none at my work email.

Thanks,
- Win
 
W

Walter Harley

Jan 1, 1970
0
Don Pearce said:
Everyone. At 700 you have come off lightly.

Rather: everyone who uses an email address on Usenet, or at least on these
groups. It does not appear to be hitting anyone else I've talked to.

I think the observation that "SWEN" is "NEWS" backwards is apropos.

Why people insist on defecating in their own beds is beyond me. I look
forward to the day when the kids get bored with this pastime.
 
T

Tim Stinchcombe

Jan 1, 1970
0
I have received almost 700 copies of worm or virus mail to this
account in the past 24 hours.

Count is up to about 150 at moment, currently running at about 3 or 4 every
20 minutes. I'll gladly lend my services to apply an Irish adjuster to the
perpetrators PC.
 
J

Jim Thompson

Jan 1, 1970
0
Don Pearce wrote...
I have received almost 700 copies of worm or virus mail
to this account [snipped] in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

I got over 1000 at home this morning, over 450 of them
arriving in a single 5 minute period at about 0640 EST.
Strangely, I got almost none at my work email.

Thanks,
- Win

Those of us running Eudora got NONE ;-)

...Jim Thompson
 
W

Winfield Hill

Jan 1, 1970
0
Jim Thompson wrote...
Those of us running Eudora got NONE ;-)

It has nothing to do with what email client you're
running. As it happens I've been using The BAT at
home (and Netscape at work).

The BAT is a standards-based email program that
won't do _any_ type of automatic execution, which is
probably what you're thinking of. But this doesn't
protect you from getting a flood of email if some
computers out there should turn their firehoses on
you! Watch out!

Thanks,
- Win
 
R

Richard Henry

Jan 1, 1970
0
Winfield Hill said:
Don Pearce wrote...
I have received almost 700 copies of worm or virus mail
to this account [snipped] in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

I got over 1000 at home this morning, over 450 of them
arriving in a single 5 minute period at about 0640 EST.
Strangely, I got almost none at my work email.

I have the opposite experience. I wnet in to work this morning for the
first time since Monday AM. I spent 5 minutes hitting the delete key. At
home nothing. It may be due to the fact that the address you see with this
message is false, and the work address is in the clear.
 
J

John Larkin

Jan 1, 1970
0
Don Pearce wrote...
On 19 Sep 2003 10:51:14 -0700, Aubrey >McIntosh wrote:

I have received almost 700 copies of worm or virus mail
to this account [snipped] in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

I got over 1000 at home this morning, over 450 of them
arriving in a single 5 minute period at about 0640 EST.
Strangely, I got almost none at my work email.

Thanks,
- Win

Those of us running Eudora got NONE ;-)

...Jim Thompson

Netscape, none, but I don't see how one's email client affects this.
At least with Netscape, unopened mail doesn't execute.

What do the virus messages look like?

John
 
J

Jim Thompson

Jan 1, 1970
0
Don Pearce wrote...

On 19 Sep 2003 10:51:14 -0700, Aubrey >McIntosh wrote:

I have received almost 700 copies of worm or virus mail
to this account [snipped] in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

I got over 1000 at home this morning, over 450 of them
arriving in a single 5 minute period at about 0640 EST.
Strangely, I got almost none at my work email.

Thanks,
- Win

Those of us running Eudora got NONE ;-)

...Jim Thompson

Netscape, none, but I don't see how one's email client affects this.
At least with Netscape, unopened mail doesn't execute.

What do the virus messages look like?

John

Eudora's address book isn't hijackable as Outhouse Excuse's is.

Although I suppose I could get listed in someone's Outhouse address
book... it's not likely... I have no friends ;-)

...Jim Thompson
 
S

Spehro Pefhany

Jan 1, 1970
0
Don Pearce wrote...

On 19 Sep 2003 10:51:14 -0700, Aubrey >McIntosh wrote:

I have received almost 700 copies of worm or virus mail
to this account [snipped] in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

I got over 1000 at home this morning, over 450 of them
arriving in a single 5 minute period at about 0640 EST.
Strangely, I got almost none at my work email.

Thanks,
- Win

Those of us running Eudora got NONE ;-)

...Jim Thompson

Netscape, none, but I don't see how one's email client affects this.
At least with Netscape, unopened mail doesn't execute.

What do the virus messages look like?

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

A lot of them look like the "Microsoft" message that starts about
halfway down the above page. Or a fake bounced e-mail message.

I've gotten about 1500 of them (at 140K+ each) in the last 30 hours.
8-( Of course I'm not about to execute an unknown file, but it's
clogging things up like a mailbomb attack- and some incoming mails got
bounced overnight.

Best regards,
Spehro Pefhany
 
K

Keith R. Williams

Jan 1, 1970
0
They're about 150K with a subject or From: indicating that these
are M$ "fixes". Thay call what they do to male cats-n-dogs
getting "fixed" too.
Eudora's address book isn't hijackable as Outhouse Excuse's is.

Doesn't matter. I don't use outhouse. I don't have the virus,
but someone who has my email address in their address book
certainly does.
Although I suppose I could get listed in someone's Outhouse address
book... it's not likely... I have no friends ;-)

I'll forward you a copy, if you fell left out...
 
S

Siol

Jan 1, 1970
0
Winfield Hill said:
Don Pearce wrote...
I have received almost 700 copies of worm or virus mail
to this account [snipped] in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

I got over 1000 at home this morning, over 450 of them
arriving in a single 5 minute period at about 0640 EST.
Strangely, I got almost none at my work email.

Thanks,
- Win


I got none, its got to be e-mails harvested from Usenet (my email is not listed).

Siol
 
S

Steve Wertz

Jan 1, 1970
0
I got none, its got to be e-mails harvested from Usenet (my email is not listed).

Mine hasn't either, but several forms of my email have such as:

[email protected]
[email protected]
[email protected]
[email protected]

Plus I've also embedded my address in some article bodies.

Somebody must be doing some scrubbing of the addresses, becaise I've
received about 40 (messages saying a message was rejected at my ISP).

By dissimenating it to people who use USENET, the hackers get great
feedback about the headaches they're causing. The Troll Syndrome.

-sw
 
S

Spehro Pefhany

Jan 1, 1970
0
I got none, its got to be e-mails harvested from Usenet (my email is not listed).
Siol

Hint: It's called "Swen".

Best regards,
Spehro Pefhany
 
J

Jim Thompson

Jan 1, 1970
0
Jim Thompson wrote...

It has nothing to do with what email client you're
running. As it happens I've been using The BAT at
home (and Netscape at work).

The BAT is a standards-based email program that
won't do _any_ type of automatic execution, which is
probably what you're thinking of. But this doesn't
protect you from getting a flood of email if some
computers out there should turn their firehoses on
you! Watch out!

Thanks,
- Win

I suspect that here Cox Communications is stopping it all... I note
that outbound E-mail is posting *very* slowly.

...Jim Thompson
 
A

Active8

Jan 1, 1970
0
I have received almost 700 copies of worm or virus mail to this
account in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

i see linux systems weren't affected nor DOS or, suprisingly, MS IIS. i
swear these attacks only happen *after* ms posts a security bulletin.
then the script kiddies go to work figuring that people don't check for
updates and apply them.

for the past week, i've only had two e-mail spams sitting on the ISPs
server. i didn't download them, i just saw them in mailwasher -
www.mailwasher.net

i just got in and there were an additional 55 on the server. one of them
came from someone i know who most likely has me in her address book
which will be outhouse excuse as Jim calls it - i like that.

i'll use mailwasher to bounce them as invalid address. i see one money
making spam *may* have been harvested from usenet assuming it stripped
the "invalid" off the end of my posting addy. that would have happened
(and it's dated a week or so ago) before i further obfuscated my addy.
it has an opt out.

the flood:

i see one has gekjau.exe attached. it's from

"Internet Message System" <[email protected]>

an undeliverable message. i didn't send jack so nothing can be returned.

another "undeliverable" with

Content-Type: audio/x-wav; name="gsfoego.exe" i can see the MIME type
causing that to get run, but not here. i'm covered.

both are 800 lines - see the pattern?

another one with

Content-Type: audio/x-wav; name="ccihsep.scr"

an executable screensaver

there's more "returned" mails but i also have a slew of those ms
security updates and other ms crap. i usually don't get so many of
those. maybe 1 a month (cause i bounce, not delete.) no exe files
attached but the ones i checked are all 800 lines. hmmm... what's with
800 lines?

i see a lot of "MS" crap which is *not* the update ruse, but returned
mail with exe files.

i think i'll leave the stuff on the ISPs server and let them examine it,
unless they tell me to go ahead and bounce it. nice feature - they have
online chat support.

well earthlink doesn't care. so much for trying to help them. they said
to contact MS. f MS. i'm not infected. sarc will find the bastard,
maybe.

looks like i got off easy on this flood, so far. sorry to hear others
got hammered.

mike
 
A

Active8

Jan 1, 1970
0
Jim-T@golana- said:
Don Pearce wrote...
On 19 Sep 2003 10:51:14 -0700, Aubrey >McIntosh wrote:

I have received almost 700 copies of worm or virus mail
to this account [snipped] in the past 24 hours.

This has been the GIBE virus, the new "returned mail" item.

Anyone else?

Everyone. At 700 you have come off lightly.

I got over 1000 at home this morning, over 450 of them
arriving in a single 5 minute period at about 0640 EST.
Strangely, I got almost none at my work email.

Thanks,
- Win

Those of us running Eudora got NONE ;-)

...Jim Thompson
too bad the free Eudora is spyware. not sure about the not free one, if
there is such a thing.

mike
 
A

Active8

Jan 1, 1970
0
Jim Thompson wrote...

It has nothing to do with what email client you're
running. As it happens I've been using The BAT at
home (and Netscape at work).

The BAT is a standards-based email program that
won't do _any_ type of automatic execution, which is
probably what you're thinking of. But this doesn't
protect you from getting a flood of email if some
computers out there should turn their firehoses on
you! Watch out!

Thanks,
- Win
thanks for the BAT tip. i'll have to see if pegasus mail auto executes
and check out BAT. that was an easy google.

mike
 
Top